FedBizOpps.gov contractor under FBI investigation

Jason Miller, executive editor, Federal News Radio

The federal contractor running three governmentwide websites, including
FedBizOpps.gov, is under investigation by the FBI for allegedly trying to access
without permission websites of their competitors in the education sector.

The Eastern District Court of Virginia in Alexandria issued a search warrant March 5 to the FBI. The FBI conducted the
search before March 19 of Symplicity Corporation's offices in Arlington, Va.

The FBI stated in its request to the judge for the search warrant that a witness
alleges Symplicity tried on several occasions since 2009 to access the networks of
its competitors, Maxient LLC of Charlottesville, Va., and Pave Systems of
Richardson, Texas. Both Maxient and Pave Systems offer software to colleges and
universities, and neither have done any federal business in fiscal 2012, according
to USASpending.gov.

"On Nov. 4, 2011, a cooperating witness who formerly had been employed by
Symplicity for approximately five years provided information to the FBI concerning
the conduct of Ariel Friedler, the Chief Executive Officer of Symplicity.
According to the [witness], Ariel Friedler showed the [witness] how to connect to
Maxient's website and to look for specific customers by putting in Maxient's main
URL, , followed by a question mark and a school
abbreviation," the search warrant obtained by Federal News Radio stated. "Friedler
told the [witness] that this was how Friedler checked for new customers on
Maxient's website. The [witness] stated that every time Friedler found a new
customer on Maxient's website, Friedler would send an instant message or email to
the [witness] about it. The [witness] also stated that Friedler discussed using
anonymizers and The Onion Router to hide Friedler's activity when Friedler was
looking at competitor's networks and that Friedler was very interested in using
these technologies."

The Onion Router Project is intended to enable online anonymity on the Internet.

Suspension a possibility

Symplicity, which is in the Small Business Administration's 8(a) program, won more
than $30 million in contracts so far in 2012 from a variety of agencies, according
to USASpending.gov. More than half of their contracts and dollars came from the
General Services Administration for providing services and running FedBizOpps.gov, the Electronic Subcontracting
Reporting System and the Catalog of Federal Domestic Assistance. It also won $4.4
million in contracts from the Executive Office of the President and $3.2 million
from the Veterans Affairs Department.

While the FBI's search warrant doesn't put any of Simplicity's current contracts
at risk, the vendor could face suspension or proposed debarment on future federal
contracts based on the issuance of the search warrant, said Bill Shook, a
procurement attorney with Government Contracts Attorneys.

Under the FAR, an agency could suspend a contractor for the "commission of any
other offense indicating a lack of business integrity or business honesty that
seriously and directly affects the present responsibility of a government
contractor or subcontractor."

Shook said suspension or debarment based only on the warrant is unlikely,
but if Symplicity is indicted, then suspension would surely follow.

GSA spokesman Adam Ellington said the agency is "unable to comment at this time"
and referred all questions about the investigation to the FBI.

The FBI would not confirm or deny an investigation is ongoing or even took place.

But the search warrant explains in some detail the allegations against Symplicity.

Audit logs show attempted unauthorized accesses

In the search warrant, the FBI alleges someone using IP addresses assigned to
Symplicity tried to access Maxient's client log-in pages in May 2009. In 2010,
Maxient's audit logs showed someone using a Symplicity IP address again tried
several times to log-in to their client pages, the bureau stated.

The search warrant also alleges several other attempts from IP addresses that
either belonged to Symplicity or employees of Symplicity.

"Based on my training and experience, I know that attempting to repeatedly submit
malformed queries like the ones submitted to Maxient's website from the Symplicity
IP address is a method often used by hackers to attempt to gain unauthorized
access to websites," wrote Michael French, a FBI special agent who is in charge of
the investigation.

The FBI also stated Friedler called the owner of Pave Systems, Ghasson Nino in
2010 with an offer to buy the company's student conduct business. During the call,
the search warrant stated, Nino said Friedler mentioned several clients by name
even though such a list is confidential and not publicly available.